Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: LDAP user and group backend causing frequent errors as of NC 24 #33622

Closed
7 of 9 tasks
Adambean opened this issue Aug 19, 2022 · 7 comments
Closed
7 of 9 tasks

[Bug]: LDAP user and group backend causing frequent errors as of NC 24 #33622

Adambean opened this issue Aug 19, 2022 · 7 comments
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap bug needs info

Comments

@Adambean
Copy link

Adambean commented Aug 19, 2022
edited
Loading

⚠️ This issue respects the following points: ⚠️

  • This is a bug, not a question or a configuration/webserver/proxy issue.
  • This issue is not already reported on Github (I've searched it).
  • Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
  • Nextcloud Server is running on 64bit capable CPU, PHP and OS.
  • I agree to follow Nextcloud's Code of Conduct.

Bug description

Good afternoon,

The LDAP user and group backend functionality has been the source of a lot of errors recently as of updating to NC 24.

  • Request 5HiSSTs2OKKG7whPwWY8 is an example error when trying to login.
  • Request 9FxSJKzzOUbrq65IDsk8 is an example error when trying to retrieve users or groups via the LDAP configuration wizard.
  • Request drmZOACEwahqrtlOHPCf is an example error from the Windows NextCloud client.

Steps to reproduce

  1. Install and configure The LDAP user and group backend functionality on NextCloud 24.0.4.1
  2. Attempt to use the NextCloud client or LDAP configuration wizard's user/group tests.

Expected behavior

The LDAP user and group backend functionality to not produce the errors quoted.

Installation method

Community Manual installation with Archive

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.0

Web server

Apache (supported)

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Updated to a major version (ex. 22.2.3 to 23.0.1)

Are you using the Nextcloud Server Encryption module?

No. App disabled.

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cloud.internal.example.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "version": "24.0.4.1",
        "installed": true,
        "maintenance": false,
        "dbtype": "mysql",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "sendmail",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "ldapIgnoreNamingRules": false,
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
        "theme": "",
        "loglevel": 3,
        "mysql.utf8mb4": true,
        "overwrite.cli.url": "https:\/\/cloud.internal.example.com",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "encryption.legacy_format_support": false,
        "encryption.key_storage_migrated": false,
        "twofactor_enforced": "true",
        "twofactor_enforced_groups": [
            "Administrators",
            "admin"
        ],
        "twofactor_enforced_excluded_groups": [
            "Guests",
            "Services",
            "Servers",
            "Compilers"
        ]
    }
}

List of activated Apps

Enabled:
  - accessibility: 1.10.0
  - activity: 2.16.0
  - admin_audit: 1.14.0
  - announcementcenter: 6.3.1
  - apporder: 0.15.0
  - audioplayer: 3.3.0
  - bruteforcesettings: 2.4.0
  - calendar: 3.4.2
  - checksum: 1.1.4
  - circles: 24.0.1
  - cloud_federation_api: 1.7.0
  - comments: 1.14.0
  - contacts: 4.2.0
  - contactsinteraction: 1.5.0
  - dashboard: 7.4.0
  - dav: 1.22.0
  - drawio: 1.0.3
  - extract: 1.3.5
  - federatedfilesharing: 1.14.0
  - federation: 1.14.0
  - files: 1.19.0
  - files_accesscontrol: 1.14.1
  - files_antivirus: 3.3.1
  - files_automatedtagging: 1.14.0
  - files_external: 1.16.1
  - files_markdown: 2.3.6
  - files_pdfviewer: 2.5.0
  - files_retention: 1.13.2
  - files_rightclick: 1.3.0
  - files_sharing: 1.16.2
  - files_trashbin: 1.14.0
  - files_versions: 1.17.0
  - files_videoplayer: 1.13.0
  - firstrunwizard: 2.13.0
  - forms: 2.5.1
  - fulltextsearch: 24.0.0
  - groupfolders: 12.0.1
  - impersonate: 1.11.0
  - integration_gitlab: 1.0.3
  - keeweb: 0.6.9
  - logreader: 2.9.0
  - lookup_server_connector: 1.12.0
  - maps: 0.2.0
  - metadata: 0.16.0
  - nextcloud_announcements: 1.13.0
  - notes: 4.5.0
  - notifications: 2.12.0
  - oauth2: 1.12.0
  - password_policy: 1.14.0
  - photos: 1.6.0
  - polls: 3.7.0
  - previewgenerator: 5.0.0
  - privacy: 1.8.0
  - provisioning_api: 1.14.0
  - quota_warning: 1.14.0
  - ransomware_protection: 1.13.0
  - recommendations: 1.3.0
  - serverinfo: 1.14.0
  - settings: 1.6.0
  - sharebymail: 1.14.0
  - socialsharing_email: 2.5.0
  - support: 1.7.0
  - survey_client: 1.12.0
  - systemtags: 1.14.0
  - tasks: 0.14.4
  - terms_of_service: 1.10.2
  - text: 3.5.1
  - theming: 1.15.0
  - twofactor_backupcodes: 1.13.0
  - twofactor_email: 2.5.0
  - twofactor_nextcloud_notification: 3.4.0
  - twofactor_totp: 6.4.0
  - updatenotification: 1.14.0
  - user_ldap: 1.14.1
  - user_status: 1.4.0
  - viewer: 1.8.0
  - weather_status: 1.4.0
  - welcome: 1.0.1
  - workflowengine: 2.6.0
Disabled:
  - audioplayer_editor: 0.3.0
  - encryption
  - flowupload: 1.1.3
  - gpgmailer
  - group_everyone: 0.1.10
  - hsts: 0.9.0
  - ldap_contacts_backend: 1.4.0
  - ldap_write_support: 1.4.0
  - ldapcontacts: 2.0.5
  - passwords: 2022.6.10
  - secsignid: 0.3.3
  - suspicious_login: 4.2.0
  - twofactor_admin: 3.2.0
  - twofactor_gateway: 0.20.0
  - twofactor_u2f: 6.3.1

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

{
    "reqId": "5HiSSTs2OKKG7whPwWY8",
    "level": 3,
    "time": "2022-08-19T15:47:15+00:00",
    "remoteAddr": "****::11",
    "user": "****-****-****-****",
    "app": "PHP",
    "method": "POST",
    "url": "/index.php/login",
    "message": "Undefined array key 0 at /var/www/cloud/apps/user_ldap/lib/User/User.php#672",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0",
    "version": "24.0.4.1",
    "exception": {
        "Exception": "Error",
        "Message": "Undefined array key 0 at /var/www/cloud/apps/user_ldap/lib/User/User.php#672",
        "Code": 0,
        "Trace": [{
            "file": "/var/www/cloud/apps/user_ldap/lib/User/User.php",
            "line": 672,
            "function": "onError",
            "class": "OC\\Log\\ErrorHandler",
            "type": "::"
        }, {
            "file": "/var/www/cloud/lib/private/legacy/OC_Hook.php",
            "line": 106,
            "function": "handlePasswordExpiry",
            "class": "OCA\\User_LDAP\\User\\User",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/Server.php",
            "line": 609,
            "function": "emit",
            "class": "OC_Hook",
            "type": "::"
        }, {
            "function": "OC\\{closure}",
            "class": "OC\\Server",
            "type": "->",
            "args": ["*** sensitive parameters replaced ***"]
        }, {
            "file": "/var/www/cloud/lib/private/Hooks/EmitterTrait.php",
            "line": 106,
            "function": "call_user_func_array"
        }, {
            "file": "/var/www/cloud/lib/private/Hooks/PublicEmitter.php",
            "line": 40,
            "function": "emit",
            "class": "OC\\Hooks\\BasicEmitter",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/User/Session.php",
            "line": 400,
            "function": "emit",
            "class": "OC\\Hooks\\PublicEmitter",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/Authentication/Login/CompleteLoginCommand.php",
            "line": 44,
            "function": "completeLogin",
            "class": "OC\\User\\Session",
            "type": "->",
            "args": ["*** sensitive parameters replaced ***"]
        }, {
            "file": "/var/www/cloud/lib/private/Authentication/Login/ALoginCommand.php",
            "line": 40,
            "function": "process",
            "class": "OC\\Authentication\\Login\\CompleteLoginCommand",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/Authentication/Login/LoggedInCheckCommand.php",
            "line": 60,
            "function": "processNextOrFinishSuccessfully",
            "class": "OC\\Authentication\\Login\\ALoginCommand",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/Authentication/Login/ALoginCommand.php",
            "line": 40,
            "function": "process",
            "class": "OC\\Authentication\\Login\\LoggedInCheckCommand",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/Authentication/Login/EmailLoginCommand.php",
            "line": 58,
            "function": "processNextOrFinishSuccessfully",
            "class": "OC\\Authentication\\Login\\ALoginCommand",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/Authentication/Login/ALoginCommand.php",
            "line": 40,
            "function": "process",
            "class": "OC\\Authentication\\Login\\EmailLoginCommand",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/Authentication/Login/UidLoginCommand.php",
            "line": 54,
            "function": "processNextOrFinishSuccessfully",
            "class": "OC\\Authentication\\Login\\ALoginCommand",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/Authentication/Login/ALoginCommand.php",
            "line": 40,
            "function": "process",
            "class": "OC\\Authentication\\Login\\UidLoginCommand",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/Authentication/Login/UserDisabledCheckCommand.php",
            "line": 58,
            "function": "processNextOrFinishSuccessfully",
            "class": "OC\\Authentication\\Login\\ALoginCommand",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/Authentication/Login/ALoginCommand.php",
            "line": 40,
            "function": "process",
            "class": "OC\\Authentication\\Login\\UserDisabledCheckCommand",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/Authentication/Login/PreLoginHookCommand.php",
            "line": 53,
            "function": "processNextOrFinishSuccessfully",
            "class": "OC\\Authentication\\Login\\ALoginCommand",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/Authentication/Login/Chain.php",
            "line": 108,
            "function": "process",
            "class": "OC\\Authentication\\Login\\PreLoginHookCommand",
            "type": "->"
        }, {
            "file": "/var/www/cloud/core/Controller/LoginController.php",
            "line": 329,
            "function": "process",
            "class": "OC\\Authentication\\Login\\Chain",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/AppFramework/Http/Dispatcher.php",
            "line": 225,
            "function": "tryLogin",
            "class": "OC\\Core\\Controller\\LoginController",
            "type": "->",
            "args": ["*** sensitive parameters replaced ***"]
        }, {
            "file": "/var/www/cloud/lib/private/AppFramework/Http/Dispatcher.php",
            "line": 133,
            "function": "executeController",
            "class": "OC\\AppFramework\\Http\\Dispatcher",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/AppFramework/App.php",
            "line": 172,
            "function": "dispatch",
            "class": "OC\\AppFramework\\Http\\Dispatcher",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/Route/Router.php",
            "line": 298,
            "function": "main",
            "class": "OC\\AppFramework\\App",
            "type": "::"
        }, {
            "file": "/var/www/cloud/lib/base.php",
            "line": 1023,
            "function": "match",
            "class": "OC\\Route\\Router",
            "type": "->"
        }, {
            "file": "/var/www/cloud/index.php",
            "line": 36,
            "function": "handleRequest",
            "class": "OC",
            "type": "::"
        }],
        "File": "/var/www/cloud/lib/private/Log/ErrorHandler.php",
        "Line": 92,
        "CustomMessage": "--"
    }
}

{
    "reqId": "5HiSSTs2OKKG7whPwWY8",
    "level": 3,
    "time": "2022-08-19T15:47:15+00:00",
    "remoteAddr": "****::11",
    "user": "****-****-****-****",
    "app": "index",
    "method": "POST",
    "url": "/index.php/login",
    "message": "array_key_exists(): Argument #2 ($array) must be of type array, null given in file '/var/www/cloud/apps/user_ldap/lib/User/User.php' line 672",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0",
    "version": "24.0.4.1",
    "exception": {
        "Exception": "Exception",
        "Message": "array_key_exists(): Argument #2 ($array) must be of type array, null given in file '/var/www/cloud/apps/user_ldap/lib/User/User.php' line 672",
        "Code": 0,
        "Trace": [{
            "file": "/var/www/cloud/lib/private/AppFramework/App.php",
            "line": 172,
            "function": "dispatch",
            "class": "OC\\AppFramework\\Http\\Dispatcher",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/Route/Router.php",
            "line": 298,
            "function": "main",
            "class": "OC\\AppFramework\\App",
            "type": "::"
        }, {
            "file": "/var/www/cloud/lib/base.php",
            "line": 1023,
            "function": "match",
            "class": "OC\\Route\\Router",
            "type": "->"
        }, {
            "file": "/var/www/cloud/index.php",
            "line": 36,
            "function": "handleRequest",
            "class": "OC",
            "type": "::"
        }],
        "File": "/var/www/cloud/lib/private/AppFramework/Http/Dispatcher.php",
        "Line": 165,
        "Previous": {
            "Exception": "TypeError",
            "Message": "array_key_exists(): Argument #2 ($array) must be of type array, null given",
            "Code": 0,
            "Trace": [{
                "file": "/var/www/cloud/apps/user_ldap/lib/User/User.php",
                "line": 672,
                "function": "array_key_exists"
            }, {
                "file": "/var/www/cloud/lib/private/legacy/OC_Hook.php",
                "line": 106,
                "function": "handlePasswordExpiry",
                "class": "OCA\\User_LDAP\\User\\User",
                "type": "->"
            }, {
                "file": "/var/www/cloud/lib/private/Server.php",
                "line": 609,
                "function": "emit",
                "class": "OC_Hook",
                "type": "::"
            }, {
                "function": "OC\\{closure}",
                "class": "OC\\Server",
                "type": "->",
                "args": ["*** sensitive parameters replaced ***"]
            }, {
                "file": "/var/www/cloud/lib/private/Hooks/EmitterTrait.php",
                "line": 106,
                "function": "call_user_func_array"
            }, {
                "file": "/var/www/cloud/lib/private/Hooks/PublicEmitter.php",
                "line": 40,
                "function": "emit",
                "class": "OC\\Hooks\\BasicEmitter",
                "type": "->"
            }, {
                "file": "/var/www/cloud/lib/private/User/Session.php",
                "line": 400,
                "function": "emit",
                "class": "OC\\Hooks\\PublicEmitter",
                "type": "->"
            }, {
                "file": "/var/www/cloud/lib/private/Authentication/Login/CompleteLoginCommand.php",
                "line": 44,
                "function": "completeLogin",
                "class": "OC\\User\\Session",
                "type": "->",
                "args": ["*** sensitive parameters replaced ***"]
            }, {
                "file": "/var/www/cloud/lib/private/Authentication/Login/ALoginCommand.php",
                "line": 40,
                "function": "process",
                "class": "OC\\Authentication\\Login\\CompleteLoginCommand",
                "type": "->"
            }, {
                "file": "/var/www/cloud/lib/private/Authentication/Login/LoggedInCheckCommand.php",
                "line": 60,
                "function": "processNextOrFinishSuccessfully",
                "class": "OC\\Authentication\\Login\\ALoginCommand",
                "type": "->"
            }, {
                "file": "/var/www/cloud/lib/private/Authentication/Login/ALoginCommand.php",
                "line": 40,
                "function": "process",
                "class": "OC\\Authentication\\Login\\LoggedInCheckCommand",
                "type": "->"
            }, {
                "file": "/var/www/cloud/lib/private/Authentication/Login/EmailLoginCommand.php",
                "line": 58,
                "function": "processNextOrFinishSuccessfully",
                "class": "OC\\Authentication\\Login\\ALoginCommand",
                "type": "->"
            }, {
                "file": "/var/www/cloud/lib/private/Authentication/Login/ALoginCommand.php",
                "line": 40,
                "function": "process",
                "class": "OC\\Authentication\\Login\\EmailLoginCommand",
                "type": "->"
            }, {
                "file": "/var/www/cloud/lib/private/Authentication/Login/UidLoginCommand.php",
                "line": 54,
                "function": "processNextOrFinishSuccessfully",
                "class": "OC\\Authentication\\Login\\ALoginCommand",
                "type": "->"
            }, {
                "file": "/var/www/cloud/lib/private/Authentication/Login/ALoginCommand.php",
                "line": 40,
                "function": "process",
                "class": "OC\\Authentication\\Login\\UidLoginCommand",
                "type": "->"
            }, {
                "file": "/var/www/cloud/lib/private/Authentication/Login/UserDisabledCheckCommand.php",
                "line": 58,
                "function": "processNextOrFinishSuccessfully",
                "class": "OC\\Authentication\\Login\\ALoginCommand",
                "type": "->"
            }, {
                "file": "/var/www/cloud/lib/private/Authentication/Login/ALoginCommand.php",
                "line": 40,
                "function": "process",
                "class": "OC\\Authentication\\Login\\UserDisabledCheckCommand",
                "type": "->"
            }, {
                "file": "/var/www/cloud/lib/private/Authentication/Login/PreLoginHookCommand.php",
                "line": 53,
                "function": "processNextOrFinishSuccessfully",
                "class": "OC\\Authentication\\Login\\ALoginCommand",
                "type": "->"
            }, {
                "file": "/var/www/cloud/lib/private/Authentication/Login/Chain.php",
                "line": 108,
                "function": "process",
                "class": "OC\\Authentication\\Login\\PreLoginHookCommand",
                "type": "->"
            }, {
                "file": "/var/www/cloud/core/Controller/LoginController.php",
                "line": 329,
                "function": "process",
                "class": "OC\\Authentication\\Login\\Chain",
                "type": "->"
            }, {
                "file": "/var/www/cloud/lib/private/AppFramework/Http/Dispatcher.php",
                "line": 225,
                "function": "tryLogin",
                "class": "OC\\Core\\Controller\\LoginController",
                "type": "->",
                "args": ["*** sensitive parameters replaced ***"]
            }, {
                "file": "/var/www/cloud/lib/private/AppFramework/Http/Dispatcher.php",
                "line": 133,
                "function": "executeController",
                "class": "OC\\AppFramework\\Http\\Dispatcher",
                "type": "->"
            }, {
                "file": "/var/www/cloud/lib/private/AppFramework/App.php",
                "line": 172,
                "function": "dispatch",
                "class": "OC\\AppFramework\\Http\\Dispatcher",
                "type": "->"
            }, {
                "file": "/var/www/cloud/lib/private/Route/Router.php",
                "line": 298,
                "function": "main",
                "class": "OC\\AppFramework\\App",
                "type": "::"
            }, {
                "file": "/var/www/cloud/lib/base.php",
                "line": 1023,
                "function": "match",
                "class": "OC\\Route\\Router",
                "type": "->"
            }, {
                "file": "/var/www/cloud/index.php",
                "line": 36,
                "function": "handleRequest",
                "class": "OC",
                "type": "::"
            }],
            "File": "/var/www/cloud/apps/user_ldap/lib/User/User.php",
            "Line": 672
        },
        "CustomMessage": "--"
    }
}

{
    "reqId": "drmZOACEwahqrtlOHPCf",
    "level": 4,
    "time": "2022-08-19T15:40:09+00:00",
    "remoteAddr": "****::11",
    "user": "****-****-****-****",
    "app": "webdav",
    "method": "PROPFIND",
    "url": "/remote.php/dav/files/****-****-****-****/",
    "message": "array_key_exists(): Argument #2 ($array) must be of type array, null given",
    "userAgent": "Mozilla/5.0 (Windows) mirall/3.4.2stable-Win64 (build 20220127) (Nextcloud, windows-10.0.19044 ClientArchitecture: x86_64 OsArchitecture: x86_64)",
    "version": "24.0.4.1",
    "exception": {
        "Exception": "TypeError",
        "Message": "array_key_exists(): Argument #2 ($array) must be of type array, null given",
        "Code": 0,
        "Trace": [{
            "file": "/var/www/cloud/apps/user_ldap/lib/User/User.php",
            "line": 672,
            "function": "array_key_exists"
        }, {
            "file": "/var/www/cloud/lib/private/legacy/OC_Hook.php",
            "line": 106,
            "function": "handlePasswordExpiry",
            "class": "OCA\\User_LDAP\\User\\User",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/Server.php",
            "line": 609,
            "function": "emit",
            "class": "OC_Hook",
            "type": "::"
        }, {
            "function": "OC\\{closure}",
            "class": "OC\\Server",
            "type": "->",
            "args": ["*** sensitive parameters replaced ***"]
        }, {
            "file": "/var/www/cloud/lib/private/Hooks/EmitterTrait.php",
            "line": 106,
            "function": "call_user_func_array"
        }, {
            "file": "/var/www/cloud/lib/private/Hooks/PublicEmitter.php",
            "line": 40,
            "function": "emit",
            "class": "OC\\Hooks\\BasicEmitter",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/User/Session.php",
            "line": 400,
            "function": "emit",
            "class": "OC\\Hooks\\PublicEmitter",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/User/Session.php",
            "line": 654,
            "function": "completeLogin",
            "class": "OC\\User\\Session",
            "type": "->",
            "args": ["*** sensitive parameters replaced ***"]
        }, {
            "file": "/var/www/cloud/lib/private/User/Session.php",
            "line": 353,
            "function": "loginWithToken",
            "class": "OC\\User\\Session",
            "type": "->",
            "args": ["*** sensitive parameters replaced ***"]
        }, {
            "file": "/var/www/cloud/lib/private/User/Session.php",
            "line": 450,
            "function": "login",
            "class": "OC\\User\\Session",
            "type": "->",
            "args": ["*** sensitive parameters replaced ***"]
        }, {
            "file": "/var/www/cloud/apps/dav/lib/Connector/Sabre/Auth.php",
            "line": 129,
            "function": "logClientIn",
            "class": "OC\\User\\Session",
            "type": "->",
            "args": ["*** sensitive parameters replaced ***"]
        }, {
            "file": "/var/www/cloud/3rdparty/sabre/dav/lib/DAV/Auth/Backend/AbstractBasic.php",
            "line": 103,
            "function": "validateUserPass",
            "class": "OCA\\DAV\\Connector\\Sabre\\Auth",
            "type": "->",
            "args": ["*** sensitive parameters replaced ***"]
        }, {
            "file": "/var/www/cloud/apps/dav/lib/Connector/Sabre/Auth.php",
            "line": 251,
            "function": "check",
            "class": "Sabre\\DAV\\Auth\\Backend\\AbstractBasic",
            "type": "->"
        }, {
            "file": "/var/www/cloud/apps/dav/lib/Connector/Sabre/Auth.php",
            "line": 154,
            "function": "auth",
            "class": "OCA\\DAV\\Connector\\Sabre\\Auth",
            "type": "->"
        }, {
            "file": "/var/www/cloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php",
            "line": 180,
            "function": "check",
            "class": "OCA\\DAV\\Connector\\Sabre\\Auth",
            "type": "->"
        }, {
            "file": "/var/www/cloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php",
            "line": 135,
            "function": "check",
            "class": "Sabre\\DAV\\Auth\\Plugin",
            "type": "->"
        }, {
            "file": "/var/www/cloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php",
            "line": 89,
            "function": "beforeMethod",
            "class": "Sabre\\DAV\\Auth\\Plugin",
            "type": "->"
        }, {
            "file": "/var/www/cloud/3rdparty/sabre/dav/lib/DAV/Server.php",
            "line": 456,
            "function": "emit",
            "class": "Sabre\\DAV\\Server",
            "type": "->"
        }, {
            "file": "/var/www/cloud/3rdparty/sabre/dav/lib/DAV/Server.php",
            "line": 253,
            "function": "invokeMethod",
            "class": "Sabre\\DAV\\Server",
            "type": "->"
        }, {
            "file": "/var/www/cloud/3rdparty/sabre/dav/lib/DAV/Server.php",
            "line": 321,
            "function": "start",
            "class": "Sabre\\DAV\\Server",
            "type": "->"
        }, {
            "file": "/var/www/cloud/apps/dav/lib/Server.php",
            "line": 358,
            "function": "exec",
            "class": "Sabre\\DAV\\Server",
            "type": "->"
        }, {
            "file": "/var/www/cloud/apps/dav/appinfo/v2/remote.php",
            "line": 35,
            "function": "exec",
            "class": "OCA\\DAV\\Server",
            "type": "->"
        }, {
            "file": "/var/www/cloud/remote.php",
            "line": 166,
            "args": ["/var/www/cloud/apps/dav/appinfo/v2/remote.php"],
            "function": "require_once"
        }],
        "File": "/var/www/cloud/apps/user_ldap/lib/User/User.php",
        "Line": 672,
        "CustomMessage": "--"
    }
}

{
    "reqId": "9FxSJKzzOUbrq65IDsk8",
    "level": 3,
    "time": "2022-08-19T15:31:44+00:00",
    "remoteAddr": "****::11",
    "user": "****-****-****-****",
    "app": "index",
    "method": "POST",
    "url": "/index.php/apps/user_ldap/ajax/wizard.php",
    "message": "The arguments array must contain 2 items, 1 given",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0",
    "version": "24.0.4.1",
    "exception": {
        "Exception": "ValueError",
        "Message": "The arguments array must contain 2 items, 1 given",
        "Code": 0,
        "Trace": [{
            "file": "/var/www/cloud/lib/private/L10N/L10NString.php",
            "line": 88,
            "function": "vsprintf"
        }, {
            "file": "/var/www/cloud/lib/private/L10N/L10N.php",
            "line": 127,
            "function": "__toString",
            "class": "OC\\L10N\\L10NString",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/L10N/LazyL10N.php",
            "line": 56,
            "function": "n",
            "class": "OC\\L10N\\L10N",
            "type": "->"
        }, {
            "file": "/var/www/cloud/apps/user_ldap/lib/Wizard.php",
            "line": 159,
            "function": "n",
            "class": "OC\\L10N\\LazyL10N",
            "type": "->"
        }, {
            "file": "/var/www/cloud/apps/user_ldap/ajax/wizard.php",
            "line": 96,
            "function": "countGroups",
            "class": "OCA\\User_LDAP\\Wizard",
            "type": "->"
        }, {
            "file": "/var/www/cloud/lib/private/Route/Route.php",
            "line": 155,
            "args": ["/var/www/cloud/apps/user_ldap/ajax/wizard.php"],
            "function": "require_once"
        }, {
            "function": "OC\\Route\\{closure}",
            "class": "OC\\Route\\Route",
            "type": "->",
            "args": ["*** sensitive parameters replaced ***"]
        }, {
            "file": "/var/www/cloud/lib/private/Route/Router.php",
            "line": 306,
            "function": "call_user_func"
        }, {
            "file": "/var/www/cloud/lib/base.php",
            "line": 1023,
            "function": "match",
            "class": "OC\\Route\\Router",
            "type": "->"
        }, {
            "file": "/var/www/cloud/index.php",
            "line": 36,
            "function": "handleRequest",
            "class": "OC",
            "type": "::"
        }],
        "File": "/var/www/cloud/lib/private/L10N/L10NString.php",
        "Line": 88,
        "CustomMessage": "--"
    }
}

Additional info

No response
@Adambean Adambean added 0. Needs triage Pending check for reproducibility or if it fits our roadmap bug labels Aug 19, 2022
@Adambean
Copy link
Author

This appears to be regarding password policy attributes within the directory.

Looking at "apps/user_ldap/lib/User/User.php" at line 672 we find this:

$pwdGraceAuthNLimit = array_key_exists('pwdgraceauthnlimit', $result[0]) ? $result[0]['pwdgraceauthnlimit'] : [];

An exception is being thrown here because $result[0] is not an array. There is an insufficient check for this just a few lines prior:

if (is_null($result)) {

In my case $result is not null, however $result[0] is undefined, because $result is an empty array. I would suggest a more robust check here, for example:

if (is_null($result) || !is_array($result) || empty($result[0])) {

That alone is not enough as it only tries to re-fetch password policy attributes. That too could fail, in which case we need to handle if it does.

if (is_null($result) || !is_array($result) || empty($result[0])) {
    return; //password policy attributes not found in directory
}

After making that amend I can login with my LDAP account via web browser, and NextCloud for Windows immediately changed to a green tick.

@Adambean
Copy link
Author

Here's how lines 664-678 should ideally look:

			//retrieve relevant password policy attributes
			$cacheKey = 'ppolicyAttributes' . $ppolicyDN;
			$result = $this->connection->getFromCache($cacheKey);
			if (is_null($result) || !is_array($result) || empty($result[0]) || !is_array($result[0])) {
				$result = $this->access->search('objectclass=*', $ppolicyDN, ['pwdgraceauthnlimit', 'pwdmaxage', 'pwdexpirewarning']);
				$this->connection->writeToCache($cacheKey, $result);
			}

			if (is_null($result) || !is_array($result) || empty($result[0]) || !is_array($result[0])) {
				return;//password policy attributes not found in directory
			}

			$pwdGraceAuthNLimit = array_key_exists('pwdgraceauthnlimit', $result[0]) ? $result[0]['pwdgraceauthnlimit'] : [];
			$pwdMaxAge = array_key_exists('pwdmaxage', $result[0]) ? $result[0]['pwdmaxage'] : [];
			$pwdExpireWarning = array_key_exists('pwdexpirewarning', $result[0]) ? $result[0]['pwdexpirewarning'] : [];

Never submitted a PR before. I'll try that shortly.

Adambean added a commit to Adambean/nextcloud-server that referenced this issue Sep 19, 2022
@Adambean
Fixed exception thrown when logging in as an LDAP user due to a direc…
ad47c7a 
…tory not having password policy attributes available.

nextcloud#33622

Signed-off-by: Adam Reece <adam@reece.wales>
@Adambean Adambean mentioned this issue Sep 19, 2022
Closed
@bash2121
Copy link

Hello,
I have this bug and i have resolv this issue with your help. Thank you.
All works for existing account.
But now, when i create new account in my ldap, i have this error

Exception: array_key_exists(): Argument #2 ($array) must be of type array, null given in file '/var/www/html/nextcloud/do.do.fr/apps/user_ldap/lib/User/User.php' line 653

And i request error when i try login.
Can you help me please.

@Lobstros
Copy link

I was tearing my hair out trying to find and work out this bug too. As best as I can figure, the unhandled exception was happening in our case because our LDAP server default policy does not include any of the pwdGraceAuthNLimit, pwdMaxAge or pwdExpireWarning attributes.

For those that want a quick temporary fix: I added an arbitrary value for pwdGraceAuthNLimit, which seemed to mollify it, and permit logins once more.

@szaimen
Copy link
Contributor

szaimen commented May 22, 2023

Hi, please update to 25.0.7 or better 26.0.2 and report back if it fixes the issue. Thank you!

My goal is to add a label like e.g. 26-feedback to this ticket of an up-to-date major Nextcloud version where the bug could be reproduced. However this is not going to work without your help. So thanks for all your effort!

If you don't manage to reproduce the issue in time and the issue gets closed but you can reproduce the issue afterwards, feel free to create a new bug report with up-to-date information by following this link: https://github.com/nextcloud/server/issues/new?assignees=&labels=bug%2C0.+Needs+triage&template=BUG_REPORT.yml&title=%5BBug%5D%3A+

@szaimen szaimen closed this as completed Jul 20, 2023
@Adambean
Copy link
Author

Adambean commented Aug 7, 2023

I've not noticed this problem recently. (Currently running NC 27.0.0.)

@tulhaum
Copy link

tulhaum commented Sep 5, 2023

I've not noticed this problem recently too.
Currently running NC 27.0.2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap bug needs info
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@Adambean @tulhaum @solracsf @Lobstros @bash2121 @szaimen